configure.ac revision 1.2
1 1.1 manu dnl -*- mode: m4 -*- 2 1.2 manu dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 1.1 manu 4 1.1 manu AC_PREREQ(2.52) 5 1.2 manu AC_INIT(ipsec-tools, CVS) 6 1.1 manu AC_CONFIG_SRCDIR([configure.ac]) 7 1.1 manu AM_CONFIG_HEADER(config.h) 8 1.1 manu 9 1.1 manu AM_INIT_AUTOMAKE(dist-bzip2) 10 1.1 manu 11 1.1 manu AC_ENABLE_SHARED(no) 12 1.1 manu 13 1.1 manu AC_PROG_CC 14 1.1 manu AM_PROG_CC_STDC 15 1.1 manu AC_HEADER_STDC 16 1.1 manu AC_PROG_LIBTOOL 17 1.1 manu AC_PROG_YACC 18 1.1 manu AM_PROG_LEX 19 1.1 manu AC_SUBST(LEXLIB) 20 1.1 manu AC_PROG_EGREP 21 1.1 manu 22 1.1 manu CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 23 1.1 manu 24 1.1 manu case $host in 25 1.1 manu *netbsd*) 26 1.1 manu LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 27 1.1 manu ;; 28 1.1 manu *linux*) 29 1.1 manu LIBS="$LIBS -lresolv" 30 1.1 manu INSTALL_OPTS="-o bin -g bin" 31 1.1 manu INCLUDE_GLIBC="include-glibc" 32 1.1 manu RPM="rpm" 33 1.1 manu AC_SUBST(INSTALL_OPTS) 34 1.1 manu AC_SUBST(INCLUDE_GLIBC) 35 1.1 manu AC_SUBST(RPM) 36 1.1 manu ;; 37 1.2 manu *darwin*) 38 1.2 manu LIBS="$LIBS -lresolv" 39 1.2 manu ;; 40 1.1 manu esac 41 1.1 manu 42 1.1 manu # Look up some IPsec-related headers 43 1.1 manu AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 44 1.1 manu AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 45 1.1 manu AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 46 1.1 manu 47 1.1 manu # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 48 1.1 manu if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 49 1.1 manu have_netinet_ipsec=yes 50 1.1 manu AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>]) 51 1.1 manu fi 52 1.1 manu 53 1.1 manu case "$host_os" in 54 1.1 manu *linux*) 55 1.1 manu AC_ARG_WITH(kernel-headers, 56 1.1 manu AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 57 1.1 manu [where your Linux Kernel headers are installed]), 58 1.1 manu [ KERNEL_INCLUDE="$with_kernel_headers" 59 1.1 manu CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 60 1.1 manu AC_SUBST(CONFIGURE_AMFLAGS) ], 61 1.1 manu [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 62 1.1 manu 63 1.2 manu AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 64 1.2 manu [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 65 1.1 manu KERNEL_INCLUDE=/usr/src/linux/include , 66 1.1 manu [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 67 1.1 manu AC_SUBST(KERNEL_INCLUDE) 68 1.1 manu # We need the configure script to run with correct kernel headers. 69 1.1 manu # However we don't want to point to kernel source tree in compile time, 70 1.1 manu # i.e. this will be removed from CPPFLAGS at the end of configure. 71 1.1 manu CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 72 1.1 manu 73 1.1 manu AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 74 1.1 manu [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 75 1.1 manu [Are PF_KEY policy priorities supported?])], [], 76 1.1 manu [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 77 1.1 manu 78 1.1 manu GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 79 1.1 manu GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 80 1.1 manu CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 81 1.2 manu CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 82 1.2 manu AC_SUBST(GLIBC_BUGS) 83 1.1 manu ;; 84 1.1 manu *) 85 1.1 manu if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 86 1.1 manu if test "$have_net_pfkey" = yes; then 87 1.1 manu AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 88 1.1 manu else 89 1.1 manu AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 90 1.1 manu fi 91 1.1 manu fi 92 1.1 manu ;; 93 1.1 manu esac 94 1.1 manu 95 1.1 manu ### Some basic toolchain checks 96 1.1 manu 97 1.1 manu # Checks for header files. 98 1.1 manu AC_HEADER_STDC 99 1.1 manu AC_HEADER_SYS_WAIT 100 1.1 manu AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 101 1.2 manu AC_CHECK_HEADERS(shadow.h) 102 1.1 manu 103 1.1 manu # Checks for typedefs, structures, and compiler characteristics. 104 1.1 manu AC_C_CONST 105 1.1 manu AC_TYPE_PID_T 106 1.1 manu AC_TYPE_SIZE_T 107 1.1 manu AC_HEADER_TIME 108 1.1 manu AC_STRUCT_TM 109 1.1 manu 110 1.1 manu # Checks for library functions. 111 1.1 manu AC_FUNC_MEMCMP 112 1.1 manu AC_TYPE_SIGNAL 113 1.1 manu AC_FUNC_VPRINTF 114 1.2 manu AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 115 1.1 manu AC_REPLACE_FUNCS(strdup) 116 1.1 manu RACOON_CHECK_VA_COPY 117 1.1 manu 118 1.1 manu # Check if printf accepts "%z" type modifier for size_t argument 119 1.1 manu AC_MSG_CHECKING(if printf accepts %z) 120 1.1 manu saved_CFLAGS=$CFLAGS 121 1.1 manu CFLAGS="$CFLAGS -Wall -Werror" 122 1.1 manu AC_TRY_COMPILE([ 123 1.1 manu #include <stdio.h> 124 1.1 manu ], [ 125 1.1 manu printf("%zu\n", (size_t)-1); 126 1.1 manu ], 127 1.1 manu [AC_MSG_RESULT(yes)], 128 1.2 manu [AC_MSG_RESULT(no); 129 1.2 manu CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 130 1.2 manu AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 131 1.2 manu ]) 132 1.1 manu CFLAGS=$saved_CFLAGS 133 1.1 manu 134 1.1 manu # Can we use __func__ macro? 135 1.1 manu AC_MSG_CHECKING(if __func__ is available) 136 1.1 manu AC_TRY_COMPILE( 137 1.1 manu [#include <stdio.h> 138 1.1 manu ], [char *x = __func__;], 139 1.1 manu [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 140 1.1 manu AC_MSG_RESULT(yes)], 141 1.1 manu [AC_MSG_RESULT(no)]) 142 1.1 manu 143 1.1 manu # Check if readline support is requested 144 1.1 manu AC_MSG_CHECKING(if readline support is requested) 145 1.1 manu AC_ARG_WITH(readline, 146 1.1 manu [ --with-readline support readline input (yes by default)], 147 1.1 manu [with_readline="$withval"], [with_readline="yes"]) 148 1.1 manu AC_MSG_RESULT($with_readline) 149 1.1 manu 150 1.1 manu # Is readline available? 151 1.1 manu if test $with_readline != "no"; then 152 1.1 manu AC_CHECK_HEADER([readline/readline.h], 153 1.1 manu [AC_CHECK_LIB(readline, readline, [ 154 1.1 manu AC_DEFINE(HAVE_READLINE, [], 155 1.1 manu [Is readline available?]) 156 1.1 manu LIBS="$LIBS -lreadline" 157 1.1 manu ], [])], []) 158 1.1 manu fi 159 1.1 manu 160 1.2 manu 161 1.2 manu AC_MSG_CHECKING(if --with-flex option is specified) 162 1.2 manu AC_ARG_WITH(flexdir, 163 1.2 manu [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 164 1.2 manu [flexdir="$withval"]) 165 1.2 manu AC_MSG_RESULT(${flexdir-dirdefault}) 166 1.2 manu 167 1.2 manu if test "x$flexdir" != "x"; then 168 1.2 manu LIBS="$LIBS $flexdir/libfl.a" 169 1.2 manu fi 170 1.2 manu 171 1.2 manu AC_MSG_CHECKING(if --with-flexlib option is specified) 172 1.2 manu AC_ARG_WITH(flexlib, 173 1.2 manu [ --with-flexlib=<LIB> specify flex library.], 174 1.2 manu [flexlib="$withval"]) 175 1.2 manu AC_MSG_RESULT(${flexlib-default}) 176 1.2 manu 177 1.2 manu if test "x$flexlib" != "x"; then 178 1.2 manu LIBS="$LIBS $flexlib" 179 1.2 manu fi 180 1.2 manu 181 1.1 manu # Check if a different OpenSSL directory was specified 182 1.1 manu AC_MSG_CHECKING(if --with-openssl option is specified) 183 1.1 manu AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 184 1.1 manu [crypto_dir=$withval]) 185 1.1 manu AC_MSG_RESULT(${crypto_dir-default}) 186 1.1 manu 187 1.1 manu if test "x$crypto_dir" != "x"; then 188 1.1 manu LIBS="$LIBS -L${crypto_dir}/lib" 189 1.2 manu CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" 190 1.1 manu fi 191 1.1 manu AC_MSG_CHECKING(openssl version) 192 1.2 manu 193 1.2 manu AC_TRY_COMPILE( 194 1.2 manu [#include <openssl/opensslv.h> 195 1.2 manu ], 196 1.2 manu [#if OPENSSL_VERSION_NUMBER < 0x0090602fL 197 1.2 manu #error OpenSSL version is too old ... 198 1.2 manu #endif], 199 1.2 manu [AC_MSG_RESULT([ok])], 200 1.2 manu [AC_MSG_RESULT(too old) 201 1.2 manu AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) 202 1.2 manu ]) 203 1.2 manu 204 1.1 manu AC_CHECK_HEADERS(openssl/engine.h) 205 1.1 manu 206 1.1 manu # checking rijndael 207 1.1 manu AC_CHECK_HEADERS([openssl/aes.h], [], 208 1.1 manu [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 209 1.1 manu 210 1.1 manu # checking sha2 211 1.1 manu AC_MSG_CHECKING(sha2 support) 212 1.1 manu AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 213 1.2 manu AC_MSG_RESULT(yes) 214 1.1 manu AC_CHECK_HEADER(openssl/sha2.h, [], [ 215 1.2 manu AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 216 1.2 manu AC_TRY_COMPILE([ 217 1.2 manu #ifdef HAVE_SYS_TYPES_H 218 1.2 manu #include <sys/types.h> 219 1.2 manu #endif 220 1.2 manu #include <openssl/sha.h> 221 1.2 manu ], [ 222 1.2 manu SHA256_CTX ctx; 223 1.2 manu ], [ 224 1.2 manu AC_MSG_RESULT(yes) 225 1.2 manu AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 226 1.2 manu ], [AC_MSG_RESULT(no) 227 1.2 manu AC_LIBOBJ([sha2]) 228 1.2 manu CRYPTOBJS="$CRYPTOBJS sha2.o" 229 1.2 manu ]) 230 1.2 manu 231 1.1 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing" 232 1.2 manu ]) 233 1.1 manu AC_SUBST(CRYPTOBJS) 234 1.1 manu 235 1.2 manu # checking camellia 236 1.2 manu AC_CHECK_HEADERS([openssl/camellia.h]) 237 1.2 manu 238 1.2 manu 239 1.1 manu # Option --enable-adminport 240 1.1 manu AC_MSG_CHECKING(if --enable-adminport option is specified) 241 1.1 manu AC_ARG_ENABLE(adminport, 242 1.1 manu [ --enable-adminport enable admin port], 243 1.1 manu [], [enable_adminport=no]) 244 1.1 manu if test $enable_adminport = "yes"; then 245 1.1 manu AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 246 1.1 manu fi 247 1.1 manu AC_MSG_RESULT($enable_adminport) 248 1.1 manu 249 1.2 manu # Option RC5 250 1.2 manu AC_MSG_CHECKING(if --enable-rc5 option is specified) 251 1.2 manu AC_ARG_ENABLE(rc5, 252 1.2 manu [ --enable-rc5 enable RC5 encryption (patented)], 253 1.2 manu [], [enable_rc5=no]) 254 1.2 manu AC_MSG_RESULT($enable_rc5) 255 1.2 manu 256 1.2 manu if test $enable_rc5 = "yes"; then 257 1.2 manu AC_CHECK_HEADERS([openssl/rc5.h]) 258 1.2 manu AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 259 1.2 manu [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 260 1.2 manu fi 261 1.2 manu 262 1.2 manu # Option IDEA 263 1.2 manu AC_MSG_CHECKING(if --enable-idea option is specified) 264 1.2 manu AC_ARG_ENABLE(idea, 265 1.2 manu [ --enable-idea enable IDEA encryption (patented)], 266 1.2 manu [], [enable_idea=no]) 267 1.2 manu AC_MSG_RESULT($enable_idea) 268 1.2 manu 269 1.2 manu if test $enable_idea = "yes"; then 270 1.2 manu AC_CHECK_HEADERS([openssl/idea.h]) 271 1.2 manu AC_CHECK_LIB([crypto_idea], [idea_encrypt], 272 1.2 manu [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 273 1.2 manu fi 274 1.2 manu AC_SUBST(EXTRA_CRYPTO) 275 1.2 manu 276 1.2 manu # For dynamic libradius 277 1.2 manu RACOON_PATH_LIBS([MD5_Init], [crypto]) 278 1.2 manu 279 1.2 manu # Check if we need -lutil for login(3) 280 1.2 manu RACOON_PATH_LIBS([login], [util]) 281 1.2 manu 282 1.2 manu # Specify libiconv prefix 283 1.2 manu AC_MSG_CHECKING(if --with-libiconv option is specified) 284 1.2 manu AC_ARG_WITH(libiconv, 285 1.2 manu [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 286 1.2 manu [libiconv_dir=$withval], 287 1.2 manu [libiconv_dir=no]) 288 1.2 manu AC_MSG_RESULT($libiconv_dir) 289 1.2 manu if test "$libiconv_dir" != "no"; then 290 1.2 manu if test "$libiconv_dir" = "yes" ; then 291 1.2 manu libiconv_dir=""; 292 1.2 manu fi; 293 1.2 manu if test "x$libiconv_dir" = "x"; then 294 1.2 manu RACOON_PATH_LIBS([iconv_open], [iconv]) 295 1.1 manu else 296 1.2 manu if test -d "$libiconv_dir/lib" -a \ 297 1.2 manu -d "$libiconv_dir/include" ; then 298 1.2 manu RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 299 1.2 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 300 1.2 manu else 301 1.2 manu AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 302 1.2 manu fi 303 1.1 manu fi 304 1.2 manu LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 305 1.2 manu AC_CHECK_FUNCS(iconv_open) 306 1.1 manu fi 307 1.1 manu 308 1.1 manu AC_MSG_CHECKING([if --enable-hybrid option is specified]) 309 1.1 manu AC_ARG_ENABLE(hybrid, 310 1.1 manu [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 311 1.2 manu [], [enable_hybrid=no]) 312 1.2 manu AC_MSG_RESULT($enable_hybrid) 313 1.2 manu 314 1.2 manu if test "x$enable_hybrid" = "xyes"; then 315 1.2 manu case $host in 316 1.2 manu *darwin*) 317 1.2 manu ;; 318 1.2 manu *) 319 1.2 manu LIBS="$LIBS -lcrypt"; 320 1.2 manu ;; 321 1.2 manu esac 322 1.1 manu HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 323 1.1 manu AC_SUBST(HYBRID_OBJS) 324 1.1 manu AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 325 1.2 manu fi 326 1.1 manu 327 1.1 manu AC_MSG_CHECKING([if --enable-frag option is specified]) 328 1.1 manu AC_ARG_ENABLE(frag, 329 1.1 manu [ --enable-frag enable IKE fragmentation payload support], 330 1.2 manu [], [enable_frag=no]) 331 1.2 manu AC_MSG_RESULT($enable_frag) 332 1.2 manu 333 1.2 manu if test "x$enable_frag" = "xyes"; then 334 1.2 manu case $host in 335 1.2 manu *darwin*) 336 1.2 manu ;; 337 1.2 manu *) 338 1.2 manu LIBS="$LIBS -lcrypt"; 339 1.2 manu ;; 340 1.2 manu esac 341 1.1 manu FRAG_OBJS="isakmp_frag.o" 342 1.1 manu AC_SUBST(FRAG_OBJS) 343 1.1 manu AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 344 1.2 manu fi 345 1.1 manu 346 1.1 manu AC_MSG_CHECKING(if --with-libradius option is specified) 347 1.1 manu AC_ARG_WITH(libradius, 348 1.1 manu [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 349 1.1 manu [libradius_dir=$withval], 350 1.1 manu [libradius_dir=no]) 351 1.1 manu AC_MSG_RESULT($libradius_dir) 352 1.1 manu if test "$libradius_dir" != "no"; then 353 1.1 manu if test "$libradius_dir" = "yes" ; then 354 1.1 manu libradius_dir=""; 355 1.1 manu fi; 356 1.1 manu if test "x$libradius_dir" = "x"; then 357 1.2 manu RACOON_PATH_LIBS([rad_create_request], [radius]) 358 1.1 manu else 359 1.1 manu if test -d "$libradius_dir/lib" -a \ 360 1.1 manu -d "$libradius_dir/include" ; then 361 1.2 manu RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 362 1.1 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 363 1.1 manu else 364 1.1 manu AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 365 1.1 manu fi 366 1.1 manu fi 367 1.1 manu AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 368 1.1 manu LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 369 1.1 manu AC_CHECK_FUNCS(rad_create_request) 370 1.1 manu fi 371 1.1 manu 372 1.1 manu AC_MSG_CHECKING(if --with-libpam option is specified) 373 1.1 manu AC_ARG_WITH(libpam, 374 1.1 manu [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 375 1.1 manu [libpam_dir=$withval], 376 1.1 manu [libpam_dir=no]) 377 1.1 manu AC_MSG_RESULT($libpam_dir) 378 1.1 manu if test "$libpam_dir" != "no"; then 379 1.1 manu if test "$libpam_dir" = "yes" ; then 380 1.1 manu libpam_dir=""; 381 1.1 manu fi; 382 1.1 manu if test "x$libpam_dir" = "x"; then 383 1.2 manu RACOON_PATH_LIBS([pam_start], [pam]) 384 1.1 manu else 385 1.1 manu if test -d "$libpam_dir/lib" -a \ 386 1.1 manu -d "$libpam_dir/include" ; then 387 1.2 manu RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 388 1.1 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 389 1.1 manu else 390 1.1 manu AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 391 1.1 manu fi 392 1.1 manu fi 393 1.1 manu AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 394 1.1 manu LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 395 1.2 manu AC_CHECK_FUNCS(pam_start) 396 1.2 manu fi 397 1.2 manu 398 1.2 manu AC_MSG_CHECKING(if --with-libldap option is specified) 399 1.2 manu AC_ARG_WITH(libldap, 400 1.2 manu [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 401 1.2 manu [libldap_dir=$withval], 402 1.2 manu [libldap_dir=no]) 403 1.2 manu AC_MSG_RESULT($libldap_dir) 404 1.2 manu if test "$libldap_dir" != "no"; then 405 1.2 manu if test "$libldap_dir" = "yes" ; then 406 1.2 manu libldap_dir=""; 407 1.2 manu fi; 408 1.2 manu if test "x$libldap_dir" = "x"; then 409 1.2 manu RACOON_PATH_LIBS([ldap_init], [ldap]) 410 1.2 manu else 411 1.2 manu if test -d "$libldap_dir/lib" -a \ 412 1.2 manu -d "$libldap_dir/include" ; then 413 1.2 manu RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 414 1.2 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 415 1.2 manu else 416 1.2 manu AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 417 1.2 manu fi 418 1.2 manu fi 419 1.2 manu AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 420 1.2 manu LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 421 1.2 manu 422 1.2 manu saved_CFLAGS=$CFLAGS 423 1.2 manu CFLAGS="$CFLAGS -Wall -Werror" 424 1.2 manu saved_CPPFLAGS=$CPPFLAGS 425 1.2 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 426 1.2 manu AC_TRY_COMPILE( 427 1.2 manu [#include <ldap.h>], 428 1.2 manu [ 429 1.2 manu #if LDAP_API_VERSION < 2004 430 1.2 manu #error OpenLDAP version is too old ... 431 1.2 manu #endif 432 1.2 manu ], 433 1.2 manu [AC_MSG_RESULT([ok])], 434 1.2 manu [ 435 1.2 manu AC_MSG_RESULT(too old) 436 1.2 manu AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 437 1.2 manu ]) 438 1.2 manu CFLAGS=$saved_CFLAGS 439 1.2 manu CPPFLAGS=$saved_CPPFLAGS 440 1.2 manu fi 441 1.2 manu 442 1.2 manu # Check for Kerberos5 support 443 1.2 manu # XXX This must come after all --with-* tests, else the 444 1.2 manu # -liconv checks will not work 445 1.2 manu AC_MSG_CHECKING(if --enable-gssapi option is specified) 446 1.2 manu AC_ARG_ENABLE(gssapi, 447 1.2 manu [ --enable-gssapi enable GSS-API authentication], 448 1.2 manu [], [enable_gssapi=no]) 449 1.2 manu AC_MSG_RESULT($enable_gssapi) 450 1.2 manu AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 451 1.2 manu if test "x$enable_gssapi" = "xyes"; then 452 1.2 manu if test "$KRB5_CONFIG" != "no"; then 453 1.2 manu krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 454 1.2 manu krb5_libs="`$KRB5_CONFIG --libs gssapi`" 455 1.2 manu else 456 1.2 manu # No krb5-config; let's make some assumptions based on 457 1.2 manu # the OS. 458 1.2 manu case $host_os in 459 1.2 manu netbsd*) 460 1.2 manu krb5_incdir="-I/usr/include/krb5" 461 1.2 manu krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 462 1.2 manu ;; 463 1.2 manu *) 464 1.2 manu AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 465 1.2 manu ;; 466 1.2 manu esac 467 1.2 manu fi 468 1.2 manu LIBS="$LIBS $krb5_libs" 469 1.2 manu CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 470 1.2 manu AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 471 1.2 manu 472 1.2 manu # Check if iconv 2nd argument needs const 473 1.2 manu saved_CFLAGS=$CFLAGS 474 1.2 manu CFLAGS="$CFLAGS -Wall -Werror" 475 1.2 manu saved_CPPFLAGS=$CPPFLAGS 476 1.2 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 477 1.2 manu AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 478 1.2 manu AC_MSG_CHECKING([if iconv second argument needs const]) 479 1.2 manu AC_TRY_COMPILE([ 480 1.2 manu #include <iconv.h> 481 1.2 manu #include <stdio.h> 482 1.2 manu ], [ 483 1.2 manu iconv_t cd = NULL; 484 1.2 manu const char **src = NULL; 485 1.2 manu size_t *srcleft = NULL; 486 1.2 manu char **dst = NULL; 487 1.2 manu size_t *dstleft = NULL; 488 1.2 manu 489 1.2 manu (void)iconv(cd, src, srcleft, dst, dstleft); 490 1.2 manu ], [AC_MSG_RESULT(yes) 491 1.2 manu AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 492 1.2 manu ], [AC_MSG_RESULT(no)]) 493 1.2 manu CFLAGS=$saved_CFLAGS 494 1.2 manu CPPFLAGS=$saved_CPPFLAGS 495 1.2 manu 496 1.2 manu # libiconv is often integrated into libc. If a with-* option 497 1.2 manu # caused a non libc-based iconv.h to be catched instead of 498 1.2 manu # the libc-based iconv.h, then we need to link with -liconv 499 1.2 manu AC_MSG_CHECKING(if -liconv is required) 500 1.2 manu saved_CPPFLAGS=$CPPFLAGS 501 1.2 manu saved_LIBS=$LIBS 502 1.2 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 503 1.2 manu AC_TRY_LINK([ 504 1.2 manu #include <iconv.h> 505 1.2 manu ], [ 506 1.2 manu (void)iconv_open("ascii", "ascii"); 507 1.2 manu ], 508 1.2 manu [AC_MSG_RESULT(no)], 509 1.2 manu [ 510 1.2 manu LIBS="$LIBS -liconv" 511 1.2 manu AC_TRY_LINK([ 512 1.2 manu #include <iconv.h> 513 1.2 manu ], [ 514 1.2 manu (void)iconv_open("ascii", "ascii"); 515 1.2 manu ], 516 1.2 manu [ 517 1.2 manu AC_MSG_RESULT(yes) 518 1.2 manu saved_LIBS=$LIBS 519 1.2 manu ], [ 520 1.2 manu AC_MSG_ERROR([cannot use iconv]) 521 1.2 manu ]) 522 1.2 manu ]) 523 1.2 manu CPPFLAGS=$saved_CPPFLAGS 524 1.2 manu LIBS=$saved_LIBS 525 1.1 manu fi 526 1.1 manu 527 1.1 manu AC_MSG_CHECKING(if --enable-stats option is specified) 528 1.1 manu AC_ARG_ENABLE(stats, 529 1.1 manu [ --enable-stats enable statistics logging function], 530 1.1 manu [], [enable_stats=no]) 531 1.1 manu if test "x$enable_stats" = "xyes"; then 532 1.1 manu AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 533 1.1 manu fi 534 1.1 manu AC_MSG_RESULT($enable_stats) 535 1.1 manu 536 1.1 manu AC_MSG_CHECKING(if --enable-dpd option is specified) 537 1.1 manu AC_ARG_ENABLE(dpd, 538 1.1 manu [ --enable-dpd enable dead peer detection], 539 1.1 manu [], [enable_dpd=no]) 540 1.1 manu if test "x$enable_dpd" = "xyes"; then 541 1.1 manu AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 542 1.1 manu fi 543 1.1 manu AC_MSG_RESULT($enable_dpd) 544 1.1 manu 545 1.2 manu AC_MSG_CHECKING(if --enable-fastquit option is specified) 546 1.2 manu AC_ARG_ENABLE(fastquit, 547 1.2 manu [ --enable-fastquit enable new faster code to flush SAs when stopping racoon], 548 1.2 manu [], [enable_fastquit=no]) 549 1.2 manu if test "x$enable_fastquit" = "xyes"; then 550 1.2 manu AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code]) 551 1.2 manu fi 552 1.2 manu AC_MSG_RESULT($enable_fastquit) 553 1.2 manu 554 1.1 manu 555 1.1 manu AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 556 1.1 manu AC_ARG_ENABLE(samode-unspec, 557 1.1 manu [ --enable-samode-unspec enable to use unspecified a mode of SA], 558 1.1 manu [], [enable_samode_unspec=no]) 559 1.1 manu if test "x$enable_samode_unspec" = "xyes"; then 560 1.2 manu case $host_os in 561 1.2 manu *linux*) 562 1.2 manu cat << EOC 563 1.2 manu 564 1.2 manu ERROR: --enable-samode-unspec is not supported under linux 565 1.2 manu because linux kernel do not support it. This option is disabled 566 1.2 manu to prevent mysterious problems. 567 1.2 manu 568 1.2 manu If you REALLY know what your are doing, remove this check. 569 1.2 manu EOC 570 1.2 manu exit 1; 571 1.2 manu ;; 572 1.2 manu esac 573 1.1 manu AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 574 1.1 manu fi 575 1.1 manu AC_MSG_RESULT($enable_samode_unspec) 576 1.1 manu 577 1.1 manu # Checks if IPv6 is requested 578 1.1 manu AC_MSG_CHECKING([whether to enable ipv6]) 579 1.1 manu AC_ARG_ENABLE(ipv6, 580 1.1 manu [ --disable-ipv6 disable ipv6 support], 581 1.1 manu [ case "$enableval" in 582 1.1 manu no) 583 1.1 manu AC_MSG_RESULT(no) 584 1.1 manu ipv6=no 585 1.1 manu ;; 586 1.1 manu *) AC_MSG_RESULT(yes) 587 1.1 manu ipv6=yes 588 1.1 manu ;; 589 1.1 manu esac ], 590 1.1 manu 591 1.1 manu AC_TRY_RUN([ /* AF_INET6 avalable check */ 592 1.1 manu #include <sys/types.h> 593 1.1 manu #include <sys/socket.h> 594 1.1 manu main() 595 1.1 manu { 596 1.1 manu exit(0); 597 1.1 manu if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 598 1.1 manu exit(1); 599 1.1 manu else 600 1.1 manu exit(0); 601 1.1 manu } 602 1.1 manu ], 603 1.1 manu AC_MSG_RESULT(yes) 604 1.1 manu AC_DEFINE([INET6], [], [Support IPv6]) 605 1.1 manu ipv6=yes, 606 1.1 manu AC_MSG_RESULT(no) 607 1.1 manu ipv6=no, 608 1.1 manu AC_MSG_RESULT(no) 609 1.1 manu ipv6=no 610 1.1 manu )) 611 1.1 manu 612 1.1 manu if test "$ipv6" = "yes"; then 613 1.2 manu AC_DEFINE([INET6], [], [Support IPv6]) 614 1.1 manu AC_MSG_CHECKING(for advanced API support) 615 1.1 manu AC_TRY_COMPILE([#ifndef INET6 616 1.1 manu #define INET6 617 1.1 manu #endif 618 1.1 manu #include <sys/types.h> 619 1.1 manu #include <netinet/in.h>], 620 1.1 manu [struct in6_pktinfo a;], 621 1.1 manu [AC_MSG_RESULT(yes) 622 1.1 manu AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 623 1.1 manu [AC_MSG_RESULT(no)]) 624 1.1 manu fi 625 1.1 manu 626 1.1 manu RACOON_CHECK_BUGGY_GETADDRINFO 627 1.1 manu if test "$buggygetaddrinfo" = "yes"; then 628 1.1 manu AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 629 1.1 manu fi 630 1.1 manu 631 1.1 manu # Check if kernel support is available for NAT-T, defaults to no. 632 1.1 manu kernel_natt="no" 633 1.1 manu 634 1.1 manu AC_MSG_CHECKING(kernel NAT-Traversal support) 635 1.1 manu case $host_os in 636 1.1 manu linux*) 637 1.1 manu # Linux kernel NAT-T check 638 1.1 manu AC_EGREP_CPP(yes, 639 1.1 manu [#include <linux/pfkeyv2.h> 640 1.1 manu #ifdef SADB_X_EXT_NAT_T_TYPE 641 1.1 manu yes 642 1.1 manu #endif 643 1.1 manu ], [kernel_natt="yes"]) 644 1.1 manu ;; 645 1.1 manu freebsd*|netbsd*) 646 1.1 manu # NetBSD case 647 1.1 manu # Same check for FreeBSD 648 1.1 manu AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 649 1.1 manu [kernel_natt="yes"],, [ 650 1.1 manu #define _KERNEL 651 1.1 manu #include <sys/types.h> 652 1.1 manu #include <net/pfkeyv2.h> 653 1.1 manu ]) 654 1.1 manu ;; 655 1.1 manu esac 656 1.1 manu AC_MSG_RESULT($kernel_natt) 657 1.1 manu 658 1.1 manu AC_MSG_CHECKING(whether to support NAT-T) 659 1.1 manu AC_ARG_ENABLE(natt, 660 1.1 manu [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 661 1.2 manu [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 662 1.2 manu [ enable_natt=no ]) 663 1.1 manu AC_MSG_RESULT($enable_natt) 664 1.1 manu 665 1.1 manu if test "$enable_natt" = "yes"; then 666 1.1 manu if test "$kernel_natt" = "no" ; then 667 1.1 manu AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 668 1.1 manu else 669 1.1 manu AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 670 1.1 manu NATT_OBJS="nattraversal.o" 671 1.1 manu AC_SUBST(NATT_OBJS) 672 1.1 manu fi 673 1.1 manu fi 674 1.1 manu 675 1.2 manu # Set up defines for supported NAT-T versions. 676 1.2 manu natt_versions_default="00,02,rfc" 677 1.2 manu AC_MSG_CHECKING(which NAT-T versions to support) 678 1.2 manu AC_ARG_ENABLE(natt_versions, 679 1.2 manu [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 680 1.2 manu [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 681 1.2 manu [ enable_natt_versions=$natt_versions_default ]) 682 1.2 manu if test "$enable_natt" = "yes"; then 683 1.2 manu AC_MSG_RESULT($enable_natt_versions) 684 1.2 manu for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 685 1.2 manu case $i in 686 1.2 manu 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 687 1.2 manu 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 688 1.2 manu 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 689 1.2 manu 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 690 1.2 manu 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 691 1.2 manu 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 692 1.2 manu 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 693 1.2 manu 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 694 1.2 manu 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 695 1.2 manu RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 696 1.2 manu *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 697 1.2 manu esac 698 1.2 manu done 699 1.2 manu unset i 700 1.2 manu else 701 1.2 manu AC_MSG_RESULT([none]) 702 1.1 manu fi 703 1.1 manu 704 1.2 manu AC_MSG_CHECKING(if --enable-broken-natt option is specified) 705 1.2 manu AC_ARG_ENABLE(broken-natt, 706 1.2 manu [ --enable-broken-natt broken in-kernel NAT-T], 707 1.2 manu [], [enable_broken_natt=no]) 708 1.2 manu if test "x$enable_broken_natt" = "xyes"; then 709 1.2 manu AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 710 1.1 manu fi 711 1.2 manu AC_MSG_RESULT($enable_broken_natt) 712 1.1 manu 713 1.1 manu AC_MSG_CHECKING(whether we support FWD policy) 714 1.1 manu case $host in 715 1.1 manu *linux*) 716 1.1 manu AC_TRY_COMPILE([ 717 1.1 manu #include <inttypes.h> 718 1.1 manu #include <linux/ipsec.h> 719 1.1 manu ], [ 720 1.1 manu int fwd = IPSEC_DIR_FWD; 721 1.1 manu ], 722 1.1 manu [AC_MSG_RESULT(yes) 723 1.1 manu AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 724 1.1 manu [AC_MSG_RESULT(no)]) 725 1.1 manu ;; 726 1.1 manu *) 727 1.1 manu AC_MSG_RESULT(no) 728 1.1 manu ;; 729 1.1 manu esac 730 1.1 manu 731 1.2 manu AC_CHECK_TYPE([ipsec_policy_t], 732 1.2 manu [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 733 1.2 manu [], 734 1.2 manu [ 735 1.2 manu #include <sys/types.h> 736 1.2 manu #include <netinet6/ipsec.h> 737 1.2 manu ]) 738 1.2 manu 739 1.2 manu # Check if kernel support is available for Security Context, defaults to no. 740 1.2 manu kernel_secctx="no" 741 1.2 manu 742 1.2 manu AC_MSG_CHECKING(kernel Security Context support) 743 1.2 manu case $host_os in 744 1.2 manu linux*) 745 1.2 manu # Linux kernel Security Context check 746 1.2 manu AC_EGREP_CPP(yes, 747 1.2 manu [#include <linux/pfkeyv2.h> 748 1.2 manu #ifdef SADB_X_EXT_SEC_CTX 749 1.2 manu yes 750 1.2 manu #endif 751 1.2 manu ], [kernel_secctx="yes"]) 752 1.2 manu ;; 753 1.2 manu esac 754 1.2 manu AC_MSG_RESULT($kernel_secctx) 755 1.2 manu 756 1.2 manu AC_MSG_CHECKING(whether to support Security Context) 757 1.2 manu AC_ARG_ENABLE(security-context, 758 1.2 manu [ --enable-security-context enable Security Context(yes/no/kernel)], 759 1.2 manu [if test "$enable_security-context" = "kernel"; then 760 1.2 manu enable_security_context=$kernel_secctx; fi], 761 1.2 manu [enable_security_context=$kernel_secctx]) 762 1.2 manu AC_MSG_RESULT($enable_security_context) 763 1.2 manu 764 1.2 manu if test "$enable_security_context" = "yes"; then 765 1.2 manu if test "$kernel_secctx" = "no" ; then 766 1.2 manu AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 767 1.2 manu else 768 1.2 manu AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 769 1.2 manu SECCTX_OBJS="security.o" 770 1.2 manu AC_SUBST(SECCTX_OBJS) 771 1.2 manu fi 772 1.2 manu fi 773 1.2 manu 774 1.1 manu CFLAGS="$CFLAGS $CFLAGS_ADD" 775 1.1 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 776 1.1 manu 777 1.1 manu case $host in 778 1.1 manu *linux*) 779 1.1 manu # Remove KERNEL_INCLUDE from CPPFLAGS. It will 780 1.1 manu # be symlinked to src/include-glibc/linux in 781 1.1 manu # compile time. 782 1.1 manu CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 783 1.1 manu ;; 784 1.1 manu esac 785 1.1 manu 786 1.1 manu include_racoondir=${includedir}/racoon 787 1.1 manu AC_SUBST(include_racoondir) 788 1.1 manu 789 1.1 manu AC_CONFIG_FILES([ 790 1.1 manu Makefile 791 1.1 manu package_version.h 792 1.1 manu src/Makefile 793 1.1 manu src/include-glibc/Makefile 794 1.1 manu src/libipsec/Makefile 795 1.1 manu src/setkey/Makefile 796 1.1 manu src/racoon/Makefile 797 1.1 manu src/racoon/samples/psk.txt 798 1.1 manu src/racoon/samples/racoon.conf 799 1.1 manu rpm/Makefile 800 1.1 manu rpm/suse/Makefile 801 1.2 manu rpm/suse/ipsec-tools.spec 802 1.1 manu ]) 803 1.1 manu AC_OUTPUT 804
Indexes created Sat Feb 28 05:31:39 UTC 2026